---
auth:
  strategy: x509
  options:
    foo: bar

network:
  plugin: flannel
  options:
    flannel_image: quay.io/coreos/flannel:v0.9.1
    flannel_cni_image: quay.io/coreos/flannel-cni:v0.2.0

ssh_key_path: {{ master_ssh_key_path }}
ignore_docker_version: {{ ignore_docker_version }}
authorization:
  mode: rbac
  options:

nodes:
  - address: {{ ip_address_0 }}
    user: {{ ssh_user_0 }}
    role: [controlplane, etcd]
    ssh_key_path: /home/user/.ssh/id_rsa
  - address: {{ ip_address_1 }}
    user: {{ ssh_user_1 }}
    role: [worker]
    ssh_key: |-
{{ ssh_key_1 }}
  - address: {{ dns_hostname_2 }}
    user: {{ ssh_user_2 }}
    role: [worker]
    hostname_override: node3
    internal_address: {{ internal_address_2 }}

services:
  etcd:
    image: quay.io/coreos/etcd:latest
  kube-api:
    image: {{ k8_rancher_image }}
    service_cluster_ip_range: 10.233.0.0/18
    pod_security_policy: false
    extra_args:
      v: 4
  kube-controller:
    image: {{ k8_rancher_image }}
    cluster_cidr: 10.233.64.0/18
    service_cluster_ip_range: 10.233.0.0/18
  scheduler:
    image: {{ k8_rancher_image }}
  kubelet:
    image: {{ k8_rancher_image }}
    cluster_domain: cluster.local
    cluster_dns_server: 10.233.0.3
    infra_container_image: gcr.io/google_containers/pause-amd64:3.0
  kubeproxy:
    image: {{ k8_rancher_image }}


system_images:
  alpine: alpine:latest
  nginx_proxy: rancher/rke-nginx-proxy:0.1.0
  cert_downloader: rancher/rke-cert-deployer:0.1.0
  kubedns_image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.5
  dnsmasq_image: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.5
  kubedns_sidecar_image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.5
  kubedns_autoscaler_image: gcr.io/google_containers/cluster-proportional-autoscaler-amd64:1.0.0

# all addon manifests MUST specify a namespace
addons: |-
    ---
    apiVersion: v1
    kind: Pod
    metadata:
      name: my-nginx
      namespace: default
    spec:
      containers:
      - name: my-nginx
        image: nginx
        ports:
        - containerPort: 80
